201122838
098146282 Form No. A0101 0982078959-0

VI. Description of the Invention:

[Technical Field]

[0001] The present invention relates to a universal bus (USB) connection device, and more particularly to one that is connected between the USB port of a computer and an external device having a USB interface (plug), so as to ensure information security control.

[Prior Art]

[0002] The universal bus (USB) input/output ports of computer products currently on the market all follow a common standard interface that lets a user connect any USB device. Many USB ports therefore become computer security holes: data theft and the spread of computer virus infections occur easily through USB ports.

[0003] To close this security hole, most current approaches install antivirus software, use password protection, or remove the USB ports in order to deal with the spread of virus infections or to guard against data theft. These methods do not provide complete protection, however, and have the following drawbacks:

[0004] First, antivirus software must be installed and stay resident in the computer's operating system, so it affects the computer's performance and may even interfere with the execution of normal programs. In addition, its virus recognition capability, the need to update virus signatures frequently, and the need to scan the computer system frequently are all existing shortcomings of antivirus software.

[0005] Second, protecting the computer system with a password can control who uses the computer, but it still cannot prevent the security hole of the USB ports.

[0006] Third, some go further and remove the USB ports from the computer hosts, allowing only a certain fixed computer host to have USB ports. Although this prevents the data of that computer system from being stolen and prevents the spread of virus infections, other users are greatly inconvenienced because they cannot use any device with a USB interface, and viruses can still spread over the network to other networked computer systems, or break in over the network and access other computer data.

[Summary of the Invention]

[0007] Accordingly, the main object of the present invention is to remedy these conventional shortcomings by applying USB Dynamic Device Mapping (USB DDM) technology to an information security control interface for the universal bus. The USB port of a computer host can then, according to the administrator's needs, be set to accept authorized external devices (a positive, active setting, e.g. a printer) or be set to refuse connection of specific unauthorized external devices (a negative, exclusion setting, e.g. a flash drive). The DDM device interface, which combines a hardware interface with a firmware program, gives the information security control of the USB port the most complete protection.

[0008] To achieve the above object, the present invention provides a universal bus connection device with information security control, comprising:

[0009] a first connection unit, electrically connected to the USB port of a computer host;

[0010] a control unit, electrically connected to the first connection unit, the control unit being the core of the universal bus connection device interface and reading the complete data of an external device for identification and communication;

[0011] a memory unit, electrically connected to the control unit, for storing the complete data of external devices;

[0012] a programming unit, electrically connected to the control unit, whereby a programming module is used to write the relevant setting conditions and data of external devices, which during programming are stored into the memory unit via the control unit;

[0013] a second connection unit, electrically connected to the control unit, to which a plurality of external devices can be connected, and which sends the signals of the connected external devices to the control unit for device identification and communication.

[Embodiment]

[0014] The detailed description and technical content of the present invention are described below with reference to the drawings:

[0015] Refer to FIG. 1, a circuit block diagram of the universal bus connection device of the present invention. As shown, the universal bus connection device with information security control comprises a first connection unit 1, a control unit 2, a programming unit 3, a memory unit 4 and a second connection unit 5.

[0016] The first connection unit 1 is electrically connected to a USB port (not shown) of the computer host (PC) and to the control unit 2. The first connection unit 1 is a USB interface chip that, under the control of the control unit 2, transmits the relevant attributes (type, model, brand, function, etc.) and data of the external device (an external device having a USB interface) in full to the USB port of the computer host (PC), so that the computer host (PC) behaves as if it were connected directly to the external device.

[0017] The control unit 2 is electrically connected to the first connection unit 1 and is a high-performance microcontroller chip (High Performance MCU) or an embedded system chip (Embedded system chip or SOC). The control unit 2 is the core of the universal bus connection (dynamic) device (DDM) interface. Its firmware program, combined with the functions of the chip, communicates with the external device in place of the computer host in order to read the complete data of the external device (for example device class, device type, device vendor and model (PID/VID) and USB transfer data), and then compares that data with the previously configured device data. If the device is an authorized device, the control unit 2 passes the complete data of the external device through the first connection unit 1 to the computer host. If it is an unauthorized or prohibited external device, the control unit 2 does not connect it to the computer, so that the unauthorized external device cannot operate.

[0018] The programming unit (Programming Interface) 3 is electrically connected to the control unit 2. The programming unit 3 lets the user employ a specific programming module to write, as required, the relevant setting conditions and data of external devices, such as device class, device type, device vendor and model (PID/VID) and USB transfer data. When programmed through the programming unit 3, these are stored into the memory unit 4 via the control unit 2, which provides the most secure way of configuration.

[0019] The memory unit 4 is electrically connected to the control unit and mainly stores the data set by the administrator. The memory unit 4 is a memory whose reads and writes are controlled entirely by the control unit 2, and it is non-volatile memory, so that even a power interruption cannot erase or alter the stored data of the main control chip; it therefore offers excellent security.

[0020] The second connection unit 5 is electrically connected to the control unit 2 and is a USB hub interface chip (USB Hub Chip). A plurality of external devices can be connected to it, and it sends the signals of the connected external devices to the control unit 2 for device identification and communication.

[0021] Refer to FIGS. 1 and 2, the circuit block diagram and a usage state diagram of the universal bus connection device of the present invention. As shown, when the universal bus connection device is in use, the first connection unit 1 is electrically connected to the USB port (connector port) 61 of the computer host (PC) 6, and the second connection unit 5 is electrically connected to a plurality of external devices (devices having a USB interface) 7.

[0022] After an external device 7 is electrically connected to the second connection unit 5, the control unit 2 performs the identification. The control unit 2 reads the device class, device type, device vendor and model (PID/VID), USB transfer data and so on of the external device 7, and compares them with the data stored in the memory unit 4 to determine whether they match the stored vendor and model (PID/VID) and USB transfer data. If the comparison matches, data on the computer host 6 can be transferred to the external device 7 for storage, or data stored in the external device 7 can be transferred to the computer host 6. If the comparison does not match, data in the computer host 6 cannot be transferred to the external device 7, and data stored in the external device 7 cannot be transferred to the computer host 6, thereby achieving information security control.

[0023] Refer to FIG. 3, a schematic diagram of another embodiment of the universal bus connection device of the present invention. As shown, the universal bus connection device can be integrated with the USB port 61 of the computer host (PC) 6. When an external device (a device having a USB interface) 7 is electrically connected to the USB port 61, the universal bus connection device checks the external device. If the comparison matches, data on the computer host 6 can be transferred to the external device 7 for storage, or data stored in the external device 7 can be transferred to the computer host 6. If the comparison does not match, data in the computer host 6 cannot be transferred to the external device 7, and data stored in the external device 7 cannot be transferred to the computer host 6, thereby achieving information security control.

[0024] The above is merely a preferred embodiment of the present invention and is not intended to limit the scope of its implementation. All equivalent changes and modifications made in accordance with the claims of the present invention are covered by the scope of the patent.

[Brief Description of the Drawings]
[0025] FIG. 1 is a circuit block diagram of the universal bus connection device of the present invention.

[0026] FIG. 2 is a usage state diagram of the universal bus connection device of the present invention.

[0027] FIG. 3 is a schematic diagram of another embodiment of the universal bus connection device of the present invention.

[Description of Main Reference Numerals]

[0028] First connection unit 1

[0029] Control unit 2

[0030] Programming unit 3

[0031] Memory unit 4

[0032] Second connection unit 5

[0033] Computer host 6

[0034] USB port 61

[0035] External device 7
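The comparison that control unit 2 performs in [0017] and [0022], with the positive and exclusion settings of [0007], sketched in C as an added example that is not code from the patent. The rule record layout, the choices that an exclusion entry overrides an allow entry and that an unmatched device is blocked, and the sample VID/PID values are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
enum verdict { BLOCK = 0, FORWARD = 1 };
enum { M_CLASS = 1, M_VID = 2, M_PID = 4 };      /* fields a rule checks */
typedef struct { uint8_t cls; uint16_t vid, pid; } usb_ident;
/* Stored policy record; this layout is an assumption, not from the patent. */
typedef struct { uint8_t deny, match, cls; uint16_t vid, pid; } rule;

/* Constructed sample data: descriptors and VID/PID values are made up. */
const uint8_t SAMPLE_PRINTER[18] = {18,1,0x00,0x02,0,0,0,64, 0x34,0x12, 0x01,0x00, 0,1,1,2,3,1};
const uint8_t SAMPLE_STICK[18]   = {18,1,0x00,0x02,0,0,0,64, 0xCD,0xAB, 0x02,0x00, 0,1,1,2,3,1};
const rule SAMPLE_POLICY[] = {
    {0, M_VID | M_PID, 0, 0x1234, 0x0001},       /* positive: one specific printer */
    {1, M_CLASS, 0x08, 0, 0},                    /* exclusion: all mass storage */
};

/* Parse the 18-byte USB standard device descriptor; returns 0 on success. */
int parse_device_descriptor(const uint8_t *d, size_t len, usb_ident *out)
{
    if (!d || len < 18 || d[0] != 18 || d[1] != 0x01) return -1; /* bLength, bDescriptorType */
    out->cls = d[4];                             /* bDeviceClass */
    out->vid = (uint16_t)(d[8]  | (d[9]  << 8)); /* idVendor, little-endian */
    out->pid = (uint16_t)(d[10] | (d[11] << 8)); /* idProduct, little-endian */
    return 0;
}

static int rule_hits(const rule *r, const usb_ident *id)
{
    if ((r->match & M_CLASS) && r->cls != id->cls) return 0;
    if ((r->match & M_VID)   && r->vid != id->vid) return 0;
    if ((r->match & M_PID)   && r->pid != id->pid) return 0;
    return r->match != 0;                        /* an empty rule matches nothing */
}

/* iface_cls: bInterfaceClass, used when bDeviceClass is 0 (class set per interface). */
enum verdict decide(const uint8_t *desc, size_t len, uint8_t iface_cls,
                    const rule *rules, size_t n)
{
    usb_ident id; int allowed = 0;
    if (parse_device_descriptor(desc, len, &id) != 0) return BLOCK; /* fail closed */
    if (id.cls == 0x00) id.cls = iface_cls;
    for (size_t i = 0; i < n; i++) {
        if (!rule_hits(&rules[i], &id)) continue;
        if (rules[i].deny) return BLOCK;         /* exclusion entry always wins */
        allowed = 1;
    }
    return allowed ? FORWARD : BLOCK;            /* no match: not authorized */
}
```

VID, PID and class are values the attached device reports about itself, so a VID/PID allow entry is best paired with a class check, as the two sample rules are.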